08-19-2004 12:37 PM - edited 02-20-2020 11:34 PM
I have a pix with failover.
I have one interface vlan903 physical (no host)
I have two logical vlan900 and vlan902. (contain hosts)
Each pix has a ethernet cabled connection to a 6509.
Both switch ports on the 6509 are configured as dot1q trunks. They are native to vlan 903.
Now, there was a failover that appears to be associated with the interface with the physical vlan.
I look at sho fail and all three vlans show normal /waiting on both pix.
Traffic is still reaching the two logical vlans.
I can ping each vlan interface from either pix except for the physical vlan interface.
I can ping the local vlan903 address on each pix but not across vlan 903.
I tried a cross-over cable from my laptop to the standby pix and do not get a response to ping.
The primary is production, so I can do this test.
I added another port on vlan 903 on the 6509 and put my laptop there and can not ping either pix on that vlan.
Both interfaces on the 6509 sho connected trunk
I can't figure out what is bad here.
I failed it back last night and after a short while it failed over again. Basically saying that the mate was healthier for this interface.
Here is the config and the sho fail
PIX Version 6.3(1)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
interface ethernet3 100full
interface ethernet4 100full
interface ethernet4 vlan903 physical
interface ethernet4 vlan900 logical
interface ethernet4 vlan902 logical
interface ethernet5 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
nameif ethernet3 BigIP security0
nameif ethernet4 PHYSICALDMZ security75
nameif ethernet5 Extranet security50
nameif vlan902 VPNDMZ security75
nameif vlan900 DMZ security75
ip address outside 64.56.8.252 255.255.255.0
ip address inside 10.15.1.253 255.255.0.0
ip address intf2 192.168.253.1 255.255.255.0
ip address BigIP 192.168.10.125 255.255.255.0
ip address PHYSICALDMZ 4.4.4.4 255.255.255.0
ip address Extranet 192.168.1.253 255.255.255.0
ip address VPNDMZ 192.168.12.253 255.255.255.0
ip address DMZ 192.168.11.253 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 64.56.8.250
failover ip address inside 10.15.1.247
failover ip address intf2 192.168.253.2
failover ip address BigIP 192.168.10.250
failover ip address PHYSICALDMZ 4.4.4.8
failover ip address Extranet 192.168.1.250
failover ip address VPNDMZ 192.168.12.250
failover ip address DMZ 192.168.11.250
failover link intf2
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
Poll frequency 15 seconds
This host: Secondary - Active
Active time: 5881830 (sec)
Interface outside (64.56.8.252): Normal
Interface inside (10.15.1.253): Normal
Interface intf2 (192.168.253.1): Normal
Interface BigIP (192.168.10.125): Normal
Interface PHYSICALDMZ (4.4.4.4): Normal (Waiting)
Interface Extranet (192.168.1.253): Normal
Interface VPNDMZ (192.168.12.253): Normal (Waiting)
Interface DMZ (192.168.11.253): Normal (Waiting)
Other host: Primary - Standby
Active time: 1665 (sec)
Interface outside (64.56.8.250): Normal
Interface inside (10.15.1.247): Normal
Interface intf2 (192.168.253.2): Normal
Interface BigIP (192.168.10.250): Normal
Interface PHYSICALDMZ (4.4.4.8): Normal (Waiting)
Interface Extranet (192.168.1.250): Normal
Interface VPNDMZ (192.168.12.250): Normal (Waiting)
Interface DMZ (192.168.11.250): Normal (Waiting)
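The show failover output above reports every interface as Normal, but the three that ride on ethernet4 (PHYSICALDMZ, VPNDMZ, DMZ) carry the extra "(Waiting)" qualifier on both units. The script below is an added example, not something from the post: it parses a copy of that output together with the interface/nameif lines from the posted config and groups every interface whose state is not plain "Normal" by the physical port that carries it. The embedded text is copied from the post; the regexes and function names are this example's own.

```python
import re
from collections import defaultdict

# Copy of the "show failover" output quoted in the post above (both units).
SHOW_FAILOVER = """\
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
Poll frequency 15 seconds
This host: Secondary - Active
Active time: 5881830 (sec)
Interface outside (64.56.8.252): Normal
Interface inside (10.15.1.253): Normal
Interface intf2 (192.168.253.1): Normal
Interface BigIP (192.168.10.125): Normal
Interface PHYSICALDMZ (4.4.4.4): Normal (Waiting)
Interface Extranet (192.168.1.253): Normal
Interface VPNDMZ (192.168.12.253): Normal (Waiting)
Interface DMZ (192.168.11.253): Normal (Waiting)
Other host: Primary - Standby
Active time: 1665 (sec)
Interface outside (64.56.8.250): Normal
Interface inside (10.15.1.247): Normal
Interface intf2 (192.168.253.2): Normal
Interface BigIP (192.168.10.250): Normal
Interface PHYSICALDMZ (4.4.4.8): Normal (Waiting)
Interface Extranet (192.168.1.250): Normal
Interface VPNDMZ (192.168.12.250): Normal (Waiting)
Interface DMZ (192.168.11.250): Normal (Waiting)
"""

# The ethernet4 / VLAN lines from the posted PIX 6.3 config.
PIX_CONFIG = """\
interface ethernet4 100full
interface ethernet4 vlan903 physical
interface ethernet4 vlan900 logical
interface ethernet4 vlan902 logical
nameif ethernet4 PHYSICALDMZ security75
nameif vlan902 VPNDMZ security75
nameif vlan900 DMZ security75
failover link intf2
"""

HOST_RE = re.compile(r"^(This|Other) host: (\S+) - (\S+)$")
IFACE_RE = re.compile(r"^Interface (\S+) \((\S+)\): (.+)$")
VLAN_RE = re.compile(r"^interface (ethernet\d+) (vlan\d+) (physical|logical)$")
NAMEIF_RE = re.compile(r"^nameif (\S+) (\S+) security\d+$")


def parse_failover(text):
    """Return {"This"/"Other": {"unit", "role", "interfaces": {name: (ip, status)}}}."""
    hosts = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = {"unit": m.group(2), "role": m.group(3), "interfaces": {}}
            continue
        m = IFACE_RE.match(line)
        if m and current is not None:
            name, ip, status = m.groups()
            hosts[current]["interfaces"][name] = (ip, status.strip())
    return hosts


def not_normal(hosts):
    """Names of interfaces whose status on either unit is anything but plain 'Normal'."""
    flagged = set()
    for host in hosts.values():
        for name, (_ip, status) in host["interfaces"].items():
            if status != "Normal":
                flagged.add(name)
    return sorted(flagged)


def hardware_map(config):
    """Map each nameif'd interface to the physical port that carries it.

    VLAN subinterfaces (vlan900 etc.) are resolved to their ethernetN parent;
    in a PIX config the 'interface ... vlanNNN' lines precede the nameif lines.
    """
    vlan_port = {}   # vlan900 -> ethernet4
    name_port = {}   # DMZ -> ethernet4
    for line in config.splitlines():
        m = VLAN_RE.match(line)
        if m:
            vlan_port[m.group(2)] = m.group(1)
            continue
        m = NAMEIF_RE.match(line)
        if m:
            hw, name = m.group(1), m.group(2)
            name_port[name] = vlan_port.get(hw, hw)
    return name_port


def group_by_port(names, name_port):
    """Group interface names by physical port, e.g. {'ethernet4': ['DMZ', ...]}."""
    groups = defaultdict(list)
    for n in names:
        groups[name_port.get(n, "unknown")].append(n)
    return {port: sorted(v) for port, v in groups.items()}


if __name__ == "__main__":
    hosts = parse_failover(SHOW_FAILOVER)
    print(group_by_port(not_normal(hosts), hardware_map(PIX_CONFIG)))
```

Run as-is it prints a single group keyed on ethernet4, which is the same observation the post makes in prose: all of the "(Waiting)" interfaces share the one trunked port, and none of the interfaces on a dedicated port is affected.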
08-21-2004 08:30 AM
Hi,
Can you try to change the native VLAN of the switches to VLAN 1 or any VLAN other than 903?
thanks
Nadeem
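As an added example (not part of Nadeem's reply or the original post), this is what that change looks like on a Catalyst 6509 running Cisco IOS. The port names GigabitEthernet3/1 and 3/2, the description text and the allowed-VLAN list are assumptions; the "before" block reflects what the post describes (dot1q trunks native to VLAN 903), and the "after" block moves the native VLAN to VLAN 1 as suggested, so that VLAN 903 frames cross the trunk tagged like VLANs 900 and 902.

```cisco
! Before (as described in the post): PIX-facing trunk, native VLAN 903
interface GigabitEthernet3/1
 description PIX primary ethernet4 (assumed port name)
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 903
 switchport mode trunk
!
! After: native VLAN moved off 903; 900, 902 and 903 are all carried tagged
interface GigabitEthernet3/1
 description PIX primary ethernet4 (assumed port name)
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 900,902,903
 switchport mode trunk
!
! Apply the same change to the port facing the standby PIX
interface GigabitEthernet3/2
 description PIX secondary ethernet4 (assumed port name)
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 900,902,903
 switchport mode trunk
!
! Verify on the switch
show interfaces trunk
show interfaces GigabitEthernet3/1 switchport | include Native
```

Change both ports in the same window, since the active and standby units must see the same tagging on their ethernet4 trunks; afterwards re-check with "show failover" on the PIX to see whether the three ethernet4 interfaces still report "(Waiting)".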